I just found a cool tool that attempts to somewhat automate PenTesting a website. It's called Detcetify, and it works like this:

You sign up, make an account and link that account to a website. You then create a file on your server to prove that the website belongs to you. Detectify starts a scan on your website and attempts to find any flaws in it.

I tested it on my site, and it worked quite well! It found 3 Warnings, 5 Notices, and 0 Vulns

Keep in mind that it doesn't touch forms on your site for fear of fucking stuff up, so it wont find stuff like SQL injections or XSS.

Do not mistake understanding for realization, and do not mistake realization for liberation